Huawei, the giant Chinese telecoms manufacturer, has deleted claims on its own website and by its staff that it is involved in a partnership with Phorm.
Nonetheless, the pair are working together, and Phorm is also integrating its behavioural advertising technology with Cisco routing gear as it courts ISPs outside the UK.
On …

COMMENTS

It's high time to make it illegal

There's only one *proper* thing to do about this sort of insidious spyware and that is to make it completely and totally illegal.

The concept of people being forcefully "opted" into something they probably don't even know about and almost certainly don't understand is totally wrong, has absolutely no merit whatsoever and should be very specifically prohibited.

Confirmation by denial

I'd take the actions of Huawei and their statements, especially the things they DON'T say, as absolute confirmation of what they appear to be trying to deny.

What do the actions and statements TRY to convey? - no connection with Phorm.

What is the undeniable truth? - a Huawei connection with Phorm. It's there in the caches and Scrapbook files of those of us who have been following this story for months, even years.

Why does this need denying (at least with regard to the UK?) - because everyone knows that TalkTalk are deep into a publicly acknowledged relationship with Huawei/Symantec relating to their STalkSTalk trials, now known as "Virus Alerts" and baby you ain't seen nothing yet - because TalkTalk have much more exciting stuff to come. So any taint of Phorm is bad news and must be eradicated. I suggest everyone sends Charles Dunstone and Dido Harding Odour Eaters for Christmas - to remove the smell of Phorm.

hmm

Where could they have possibly learned these tactics considering how open and honest their national government is? Yep all the gymnasts after all were in their mid 20s and it was a rare genetic mutation they still had their baby teeth. Lol I believe Bella Corolli on this as who knows children better than a pedophile?

So to be clear...

Huawei are not working with Phorm, but instead are working on their own system called iTarget - but which itself is really the Phorm system, but in a new set of clothes. So that's a nice piece of marketing smoke then.

Also, it's going to be embedded in the devices that actually power the internet, thereby making it almost impossible to give an informed consent to be either opted in or out.

* Sigh * As myself and others said when the Phorm/BT debacle was in full flight... this is not going away soon as there is too much virtual money at stake and too many snouts in the trough with vested interests.

It pains me to say it but ultimately this insidious tech will be embraced and approved by many of the very corporations that we work for, and by the political influencers that stand to benefit most.

For you and me though... hey, who gives a st*t about us and our rights right? We'll once again be ignored, just like the rest of the lowing cattle in the capitalist farm.

Sir

Isn't it amazing that a technology firm that gathers an unsavoury reputation is more attractive to certain interested parties. Scum, in other words.

Oh, and "Huawei and Huawei Symantec do not have any joint ventures with Phorm and do not cooperate with Phorm or use any technologies from Phorm to provide product to individual subscribers or companies in the UK"

That whole statement is also negated if they just don't offer it as a product to 'individual subscribers'. You could drive 10 buses through the holes in that statement, very trustworthy I'm sure.

I think it's about time we started to look at cracking down on all 'service providers'

both phones, postal, internet and other 'Services' like gas and electricity. The dearth of companies trying to extract revenue by abusing the services they are supposed to be, and being PAID, to provide is disgusting. The sheer contempt that companies show by abusing their customers to milk another stream is starting to get very tedious....

So where did it all start? My guess is with Mr Murdoch... and his pay for TV 'service' that actually has more adverts than other free to air services (ITV C4 Channel5 etc) (and now can buy shows that would have been free to air if people hadn't given their money to Murdoch in the first place!) But the TV market has been able to tolerate this to a degree as there has always been an alternative, mainly the BBC that we Brits appreciate so much. But now that other industries are 'following the model' we are starting to see industries where there is no alternative. I applaud my ISP Be* for keeping it simple and just providing what I pay for, I applaud Google in their attempts to cut out the unnecessary tat the mobile operators insist on installing on phones with the Nexus One, but is that it?

Whilst it was true that the big public owned entities (the old BT, British Gas, BR etc) became fat and lazy it was also the case that they generally didn't try to milk the customers so badly, like the new private entities that they have become are trying to do, yes that's BT etc, being solely profit driven really is not the best course for services and I think it's about time that the government started to impose some heavy regulation (as they have done in financial services) to ensure that basic interference free reliable and cost effective services are available to all, as a minimum standard. Then on top of the basics companies can offer alternatives to sell should people desire to spend more for more, or less via supported services, whether that is ad supported internet or market traded Gas Futures, but there absolutely MUST be a choice.

Basil... there's a kipper sticking out of your jumper

The behavior of this Chinese outfit reminds me of one of my favorite Fawlty Towers episodes, the one in which a guest dies shortly before a visit by a team of hotel inspectors. Shortly after finding the guest dead in his room, Basil mistakenly concludes that he died of food poisoning from a kipper that was past its "use by" date. Desperate to hide the evidence, he snatches the kipper from the dead man's breakfast tray and slips it into his "jumper" ("vest sweater" to us Yanks) -- except that he inadvertently leaves the tail sticking out.

The doctor arrives to confirm the man's death, as Basil flinches about the room, acting all guilty n'shit, until Sybil discreetly pulls him aside and calmly informs him, "Basil... there's a kipper sticking out of your jumper..."

Yes I do. Whoops No I don't.

http://img254.imageshack.us/img254/1345/jdingnt.png

"Focus on value-add solution bassed on DPI product. Building joint venture with advertising soulution company Phorm both in China and Global. Research MSSP market and planning security as a service solution."

"Focus on value-add solution bassed on DPI product. Sepecially [sic] in advertising soulution. Research MSSP market and planning security as a service solution."

I might suggest that the 'Security as a Service' solution is in fact the GreenNet solution being used by TalkTalk. Funny thing that. This bloke working with Phorm and TalkTalk at the same time what with TalkTalk being associated with Phorm in the past.

I also seem to remember Symantec calling some of Phorm's previous efforts spyware and rootkits. Now one of their divisions is actively working with the company. Still, I suppose time stands still.

Anyone notice how the GreenNet system 'phones home' to update 'databases'...?

http://www.huawei.com/products/datacomm/catalog.do?id=3596

"Updates the DPI signature library, URL classification database, malicious Web site database at Huawei security update website in real time. The update does not require intervention and is easy to operate and manage."

Of course any suggestion that the same might happen with the iTarget/Phorm solution would be 'an intentional unjustified slur on the firm's reputation' so I won't make any such suggestion.

Perhaps a stupid question, but ...

"Anyone notice how the GreenNet system 'phones home' to update 'databases'...?

http://www.huawei.com/products/datacomm/catalog.do?id=3596

"Updates the DPI signature library, URL classification database, malicious Web site database at Huawei security update website in real time. The update does not require intervention and is easy to operate and manage."

Sorry for being dumb, but can you tell me a) how this is different from the updates done by other security products and b) how do you build a system like this that can operate effectively without some form of updates?

I can understand people's concerns about the whole topic of DPI & privacy etc., but is the whole 'it's a Chinese company so must be bad' thing really necessary? Do you really think for one minute that companies like Cisco, Juniper, Ericsson and NSN don't have equivalent products and technologies and haven't been testing them with every man and his dog?

Where is the icon for "I'm totally exasperated with people's ability to ignore the truth in front of their nose"?

Re: Perhaps...

Firmware and software updates to the machine maybe; however, one of the 'ideas' of the system, as claimed, is that it is meant to 'anonymise' URLs. Indicators elsewhere suggest that it has been failing to do that. That may or would mean it has been collecting and scanning URLs pointing to places it really had no right to do so. Given its location in the network it is also likely to have been collecting and scanning URLs from sources other than web activity, for example links e-mailed to people which they visit later.

The AVG link scanner caused some annoyance as a result of overloading sites but that relied on URLs trawled by search engines which would have been in 'plain sight' in the first place. This one has the opportunity to go deeper and it has done, replaying session URLs and others which search engines will not have seen in the first place.

Of course common sense and security would dictate that you do not go e-mailing 'secret' links to the plans of your latest mutant rabbit army about the place... but if you did and the recipient had GreenNet in their ISP then the secret is out and we would be overrun by mutant rabbit armies. Alarmist maybe. After all SOP is to leave such information on a laptop on the back seat of the No 9 bus.

Furthermore I might be wrong but part of the DPA involves rules against transferral of data to third parties. If, for example, a TalkTalk DSE GreenNet system is handing over this data to such a third party, in this case Huawei, then they may run foul of the relevant legislation. Of course if these URLs have been properly anonymised then maybe not but it renders the whole thing no better in terms of performance than other available systems that do not have to sit in the network and scrape URLs from customer communications.

Otherwise yes!!!1 It's the Chinese FFS and all that loverly data is being handed back to them. Naturally if it was Cisco there would not be a problem because we can trust the Americans not to do anything naughty with any intel that might result from such activities.